Login methods are configured by the Realm team on behalf of your organization. Contact support@withrealm.com to enable or change login methods.
Available methods
| Method | Description |
|---|---|
| Email and password | Users sign in with their email and a password. Enabled by default. |
| Sign in with a Google account via OAuth. | |
| Microsoft | Sign in with a Microsoft account via OAuth. |
| SAML SSO | Single sign-on through your identity provider (Okta, Azure AD, OneLogin, and others). See SAML SSO below. |
How sign-in works
When a user enters their email on the sign-in page, Realm looks up which organization and login methods are associated with that email. The page then shows only the login options enabled for that organization. If your organization has JIT provisioning enabled, users whose email matches a configured domain are automatically created in Realm the first time they sign in.SAML SSO
SAML SSO lets your team sign in to Realm using your existing identity provider (IdP). Setting up SAML requires coordination between your IdP admin and the Realm team.What you need to provide
Your identity provider will generate these values. Share them with the Realm team:| Field | Description |
|---|---|
| IdP Entity ID | Your identity provider’s identifier |
| SSO URL | The URL where Realm sends authentication requests |
| X.509 Certificate | The certificate used to verify SAML responses |
What Realm provides
The Realm team will give you these values to enter in your identity provider:| Field | Description |
|---|---|
| SP Entity ID | The identifier for Realm as a service provider |
| ACS URL | The Assertion Consumer Service URL where your IdP sends the SAML response |
Attribute mapping
Realm expects the following attributes in the SAML response:| Attribute | Required | Description |
|---|---|---|
| Yes | The user’s email address (used as Name ID) | |
| firstName | No | The user’s first name |
| lastName | No | The user’s last name |
Troubleshooting
| Issue | Solution |
|---|---|
| ”Invalid SAML response” | Check that the certificate matches and hasn’t expired |
| Users can’t sign in | Verify the ACS URL is correct in your IdP configuration |
| Attributes not mapping | Ensure your IdP sends email as the Name ID |
If you run into issues, reach out to support@withrealm.com and we’ll help get it sorted.